DECNet???
In yesterday’s logfile, I found a number of entries like this:
%%%%%%%%%%% OPCOM 23-MAY-2007 11:59:13.74 %%%%%%%%%%%
Message from user SYSTEM on DIANA
Event: Access Control Violation from: Node LOCAL:.DIANA Session Control,
at: 2007-05-23-12:59:13.150+02:00Iinf
NSAP Address=49::00-15:AA-00-04-00-01-54:21,
Source=UIC = [0,0]HTTP$NOBODY,
Destination=number = 17,
Destination User="",
Destination Account="",
Node Name=LOCAL:.DIANA
eventUid 05E361FC-0925-11DC-A8A1-0000F87653E2
entityUid 415FAA9C-F8E3-11DB-81F1-AA0004000154
streamUid 5144F470-F8E3-11DB-82D7-AA0004000154
That looks like DECNet, run by the webserver??? (given the user HTTP$NOBODY) but the webserver logfile doesn’t show anything on this. I know that at that time SSH did not respond at all, and the webserver was very slow. No idea what could have caused it.
49:: is not on my network, that’s for sure.
What goes on behind the doors of the (private) data center